Add a return value to tls_prf_t.get_bytes()
This commit is contained in:
Martin Willi
parent
edd54734c8
commit
97b30b93b0
|
|
@ -1462,7 +1462,11 @@ METHOD(tls_crypto_t, calculate_finished, bool,
|
||||||
{
|
{
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
this->prf->get_bytes(this->prf, label, seed, 12, out);
|
if (!this->prf->get_bytes(this->prf, label, seed, 12, out))
|
||||||
|
{
|
||||||
|
free(seed.ptr);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
free(seed.ptr);
|
free(seed.ptr);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
@ -1470,7 +1474,7 @@ METHOD(tls_crypto_t, calculate_finished, bool,
|
||||||
/**
|
/**
|
||||||
* Derive master secret from premaster, optionally save session
|
* Derive master secret from premaster, optionally save session
|
||||||
*/
|
*/
|
||||||
static void derive_master(private_tls_crypto_t *this, chunk_t premaster,
|
static bool derive_master(private_tls_crypto_t *this, chunk_t premaster,
|
||||||
chunk_t session, identification_t *id,
|
chunk_t session, identification_t *id,
|
||||||
chunk_t client_random, chunk_t server_random)
|
chunk_t client_random, chunk_t server_random)
|
||||||
{
|
{
|
||||||
|
|
@ -1480,16 +1484,20 @@ static void derive_master(private_tls_crypto_t *this, chunk_t premaster,
|
||||||
/* derive master secret */
|
/* derive master secret */
|
||||||
seed = chunk_cata("cc", client_random, server_random);
|
seed = chunk_cata("cc", client_random, server_random);
|
||||||
this->prf->set_key(this->prf, premaster);
|
this->prf->set_key(this->prf, premaster);
|
||||||
this->prf->get_bytes(this->prf, "master secret", seed,
|
if (!this->prf->get_bytes(this->prf, "master secret", seed,
|
||||||
sizeof(master), master);
|
sizeof(master), master))
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
this->prf->set_key(this->prf, chunk_from_thing(master));
|
this->prf->set_key(this->prf, chunk_from_thing(master));
|
||||||
|
|
||||||
if (this->cache && session.len)
|
if (this->cache && session.len)
|
||||||
{
|
{
|
||||||
this->cache->create(this->cache, session, id, chunk_from_thing(master),
|
this->cache->create(this->cache, session, id, chunk_from_thing(master),
|
||||||
this->suite);
|
this->suite);
|
||||||
}
|
}
|
||||||
memwipe(master, sizeof(master));
|
memwipe(master, sizeof(master));
|
||||||
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -1513,7 +1521,11 @@ static bool expand_keys(private_tls_crypto_t *this,
|
||||||
}
|
}
|
||||||
seed = chunk_cata("cc", server_random, client_random);
|
seed = chunk_cata("cc", server_random, client_random);
|
||||||
block = chunk_alloca((mks + eks + ivs) * 2);
|
block = chunk_alloca((mks + eks + ivs) * 2);
|
||||||
this->prf->get_bytes(this->prf, "key expansion", seed, block.len, block.ptr);
|
if (!this->prf->get_bytes(this->prf, "key expansion", seed,
|
||||||
|
block.len, block.ptr))
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
/* signer keys */
|
/* signer keys */
|
||||||
client_write = chunk_create(block.ptr, mks);
|
client_write = chunk_create(block.ptr, mks);
|
||||||
|
|
@ -1580,8 +1592,11 @@ static bool expand_keys(private_tls_crypto_t *this,
|
||||||
{
|
{
|
||||||
seed = chunk_cata("cc", client_random, server_random);
|
seed = chunk_cata("cc", client_random, server_random);
|
||||||
this->msk = chunk_alloc(64);
|
this->msk = chunk_alloc(64);
|
||||||
this->prf->get_bytes(this->prf, this->msk_label, seed,
|
if (!this->prf->get_bytes(this->prf, this->msk_label, seed,
|
||||||
this->msk.len, this->msk.ptr);
|
this->msk.len, this->msk.ptr))
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
@ -1590,8 +1605,9 @@ METHOD(tls_crypto_t, derive_secrets, bool,
|
||||||
private_tls_crypto_t *this, chunk_t premaster, chunk_t session,
|
private_tls_crypto_t *this, chunk_t premaster, chunk_t session,
|
||||||
identification_t *id, chunk_t client_random, chunk_t server_random)
|
identification_t *id, chunk_t client_random, chunk_t server_random)
|
||||||
{
|
{
|
||||||
derive_master(this, premaster, session, id, client_random, server_random);
|
return derive_master(this, premaster, session, id,
|
||||||
return expand_keys(this, client_random, server_random);
|
client_random, server_random) &&
|
||||||
|
expand_keys(this, client_random, server_random);
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_crypto_t, resume_session, tls_cipher_suite_t,
|
METHOD(tls_crypto_t, resume_session, tls_cipher_suite_t,
|
||||||
|
|
|
||||||
|
|
@ -42,7 +42,7 @@ METHOD(tls_prf_t, set_key12, void,
|
||||||
/**
|
/**
|
||||||
* The P_hash function as in TLS 1.0/1.2
|
* The P_hash function as in TLS 1.0/1.2
|
||||||
*/
|
*/
|
||||||
static void p_hash(prf_t *prf, char *label, chunk_t seed, size_t block_size,
|
static bool p_hash(prf_t *prf, char *label, chunk_t seed, size_t block_size,
|
||||||
size_t bytes, char *out)
|
size_t bytes, char *out)
|
||||||
{
|
{
|
||||||
char buf[block_size], abuf[block_size];
|
char buf[block_size], abuf[block_size];
|
||||||
|
|
@ -71,14 +71,15 @@ static void p_hash(prf_t *prf, char *label, chunk_t seed, size_t block_size,
|
||||||
out += block_size;
|
out += block_size;
|
||||||
bytes -= block_size;
|
bytes -= block_size;
|
||||||
}
|
}
|
||||||
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_prf_t, get_bytes12, void,
|
METHOD(tls_prf_t, get_bytes12, bool,
|
||||||
private_tls_prf12_t *this, char *label, chunk_t seed,
|
private_tls_prf12_t *this, char *label, chunk_t seed,
|
||||||
size_t bytes, char *out)
|
size_t bytes, char *out)
|
||||||
{
|
{
|
||||||
p_hash(this->prf, label, seed, this->prf->get_block_size(this->prf),
|
return p_hash(this->prf, label, seed, this->prf->get_block_size(this->prf),
|
||||||
bytes, out);
|
bytes, out);
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_prf_t, destroy12, void,
|
METHOD(tls_prf_t, destroy12, void,
|
||||||
|
|
@ -144,17 +145,21 @@ METHOD(tls_prf_t, set_key10, void,
|
||||||
this->sha1->set_key(this->sha1, chunk_create(key.ptr + key.len - len, len));
|
this->sha1->set_key(this->sha1, chunk_create(key.ptr + key.len - len, len));
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_prf_t, get_bytes10, void,
|
METHOD(tls_prf_t, get_bytes10, bool,
|
||||||
private_tls_prf10_t *this, char *label, chunk_t seed,
|
private_tls_prf10_t *this, char *label, chunk_t seed,
|
||||||
size_t bytes, char *out)
|
size_t bytes, char *out)
|
||||||
{
|
{
|
||||||
char buf[bytes];
|
char buf[bytes];
|
||||||
|
|
||||||
p_hash(this->md5, label, seed, this->md5->get_block_size(this->md5),
|
if (!p_hash(this->md5, label, seed, this->md5->get_block_size(this->md5),
|
||||||
bytes, out);
|
bytes, out) ||
|
||||||
p_hash(this->sha1, label, seed, this->sha1->get_block_size(this->sha1),
|
!p_hash(this->sha1, label, seed, this->sha1->get_block_size(this->sha1),
|
||||||
bytes, buf);
|
bytes, buf))
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
memxor(out, buf, bytes);
|
memxor(out, buf, bytes);
|
||||||
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_prf_t, destroy10, void,
|
METHOD(tls_prf_t, destroy10, void,
|
||||||
|
|
|
||||||
|
|
@ -44,8 +44,9 @@ struct tls_prf_t {
|
||||||
* @param seed seed input value
|
* @param seed seed input value
|
||||||
* @param bytes number of bytes to get
|
* @param bytes number of bytes to get
|
||||||
* @param out buffer receiving bytes
|
* @param out buffer receiving bytes
|
||||||
|
* @return TRUE if bytes generated successfully
|
||||||
*/
|
*/
|
||||||
void (*get_bytes)(tls_prf_t *this, char *label, chunk_t seed,
|
bool (*get_bytes)(tls_prf_t *this, char *label, chunk_t seed,
|
||||||
size_t bytes, char *out);
|
size_t bytes, char *out);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue